Filtered by vendor Microsoft
Subscribe
Search
Total
6671 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30614 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | |||||
| CVE-2021-30613 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30613 Use after free in Base internals | |||||
| CVE-2021-30612 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30612 Use after free in WebRTC | |||||
| CVE-2021-30611 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30611 Use after free in WebRTC | |||||
| CVE-2021-30610 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30610 Use after free in Extensions API | |||||
| CVE-2021-30607 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30607 Use after free in Permissions | |||||
| CVE-2020-12963 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-18 | 7.2 HIGH | 7.8 HIGH |
| An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system. | |||||
| CVE-2020-12929 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-18 | 4.6 MEDIUM | 7.8 HIGH |
| Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution . | |||||
| CVE-2020-12903 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-18 | 4.6 MEDIUM | 7.8 HIGH |
| Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service. | |||||
| CVE-2020-12894 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-17 | 3.6 LOW | 7.1 HIGH |
| Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service. | |||||
| CVE-2020-12898 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-17 | 4.6 MEDIUM | 7.8 HIGH |
| Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. | |||||
| CVE-2020-12893 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-17 | 4.6 MEDIUM | 7.8 HIGH |
| Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. | |||||
| CVE-2021-41057 | 3 Microsoft, Siemens, Wibu | 11 Windows, Pss Cape, Pss E and 8 more | 2021-11-17 | 3.6 LOW | 7.1 HIGH |
| In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions. | |||||
| CVE-2021-42731 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2021-11-17 | 9.3 HIGH | 7.8 HIGH |
| Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42721 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2021-11-17 | 9.3 HIGH | 7.8 HIGH |
| Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | |||||
| CVE-2020-12895 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-17 | 4.6 MEDIUM | 7.8 HIGH |
| Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service. | |||||
| CVE-2020-12899 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-17 | 3.6 LOW | 7.1 HIGH |
| Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service. | |||||
| CVE-2021-38983 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792. | |||||
| CVE-2021-42563 | 2 Microsoft, Ni | 2 Windows, Ni Service Locator | 2021-11-16 | 4.6 MEDIUM | 7.8 HIGH |
| There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. | |||||
| CVE-2020-7484 | 2 Microsoft, Schneider-electric | 4 Windows 7, Windows Nt, Windows Xp and 1 more | 2021-11-10 | 4.3 MEDIUM | 7.5 HIGH |
| **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions. | |||||
| CVE-2020-7483 | 2 Microsoft, Schneider-electric | 4 Windows 7, Windows Nt, Windows Xp and 1 more | 2021-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions. | |||||
| CVE-2021-36009 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-11-06 | 9.3 HIGH | 7.8 HIGH |
| Adobe Illustrator version 25.2.3 (and earlier) is affected by an memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40726 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-11-06 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2021-40725 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-11-06 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2021-29825 | 5 Ibm, Linux, Microsoft and 2 more | 6 Aix, Db2, Linux Kernel and 3 more | 2021-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470. | |||||
| CVE-2021-35213 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2021-11-05 | 9.0 HIGH | 8.8 HIGH |
| An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability. | |||||
| CVE-2016-5330 | 3 Apple, Microsoft, Vmware | 7 Mac Os X, Windows, Esxi and 4 more | 2021-11-05 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2021-41022 | 2 Fortinet, Microsoft | 2 Fortisiem, Windows | 2021-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts | |||||
| CVE-2021-28562 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability when executing search queries through Javascript. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2019-5443 | 4 Haxx, Microsoft, Netapp and 1 more | 10 Curl, Windows, Oncommand Insight and 7 more | 2021-11-03 | 4.4 MEDIUM | 7.8 HIGH |
| A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. | |||||
| CVE-2021-29737 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2021-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301. | |||||
| CVE-2021-29888 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2021-11-03 | 6.8 MEDIUM | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123. | |||||
| CVE-2020-7875 | 2 Dext5, Microsoft | 2 Dext5upload, Windows | 2021-11-01 | 6.8 MEDIUM | 8.8 HIGH |
| DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | |||||
| CVE-2021-26610 | 2 Microsoft, Nhn-commerce | 2 Windows, Godomall5 | 2021-11-01 | 6.5 MEDIUM | 8.8 HIGH |
| The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code. | |||||
| CVE-2019-19164 | 2 Microsoft, Raonwiz | 2 Activex, Dext5 | 2021-10-29 | 6.8 MEDIUM | 8.8 HIGH |
| dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. | |||||
| CVE-2020-28963 | 2 Krylack, Microsoft | 2 Zip Password Recovery, Windows | 2021-10-28 | 7.2 HIGH | 7.8 HIGH |
| Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function. | |||||
| CVE-2019-16765 | 1 Microsoft | 1 Codeql | 2021-10-28 | 6.8 MEDIUM | 7.8 HIGH |
| If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace's upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here. | |||||
| CVE-2019-10210 | 2 Microsoft, Postgresql | 2 Windows, Postgresql | 2021-10-28 | 1.9 LOW | 7.0 HIGH |
| Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | |||||
| CVE-2021-42108 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-42107 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106. | |||||
| CVE-2021-30359 | 2 Checkpoint, Microsoft | 3 Harmony Browse, Sandblast Agent For Browsers, Windows | 2021-10-27 | 7.2 HIGH | 7.8 HIGH |
| The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges. | |||||
| CVE-2021-42106 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107. | |||||
| CVE-2021-42105 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107. | |||||
| CVE-2021-42104 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107. | |||||
| CVE-2021-42103 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar but not identical to CVE-2021-42101. | |||||
| CVE-2021-42102 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service agents could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-42101 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar but not identical to CVE-2021-42103. | |||||
| CVE-2021-42011 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-23139 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2021-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. | |||||
| CVE-2021-40728 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-10-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||